IControl and Cert Expiry

Question

Hi,&nbsp;
I have a question,
&nbsp; I am little newbie to F5 iControl. Any help would be greatly appreciated.&nbsp;&nbsp;
In Summary: What is am trying to is list the associated certificates with a particular F5 virtual server
If I do this same things using the F5 console I would follow the following steps&nbsp;
1. Open the Virtual server&nbsp;
2. Check the client side or server side SSL profile&nbsp;
3. Then go to profiles or client or server and get the name of the cert&nbsp;
4. Then go to certificates and check the expiry date&nbsp;
I have tried the scripts.. Where I am with them is that I can list the pool members and SSL profile, is there any easier way to achieve this.&nbsp;
Thanks in advance&nbsp;

michael_yates · Answer

Hi Testing,
Here are the iControl Methods that you are going to want to dig into to get what you are wanting:
You can get more detailed information for these methods here:  iControl API Reference
Get Virtual Server List:
LocalLBVirtualServer.get_list
Get Virtual Server SSL Profile (Client):
LocalLBVirtualServer.get_profile
LocalLBProfileType.PROFILE_TYPE_CLIENT_SSL

Get Virtual Server SSL Profile (Server):
LocalLBVirtualServer.get_profile
LocalLBProfileType.PROFILE_TYPE_SERVER_SSL

Get SSL Profile List (Client):
LocalLBProfileClientSSL.get_list
Get SSL Profile List (Server):
LocalLBProfileServerSSL.get_list
Get Certificate List:
ManagementKeyCertificate.get_certificate_list
Get Key List:
ManagementKeyCertificate.get_key_list

michael_yates_6 · Answer

Hi Testing,
Here are the iControl Methods that you are going to want to dig into to get what you are wanting:
You can get more detailed information for these methods here:  iControl API Reference
Get Virtual Server List:
LocalLBVirtualServer.get_list
Get Virtual Server SSL Profile (Client):
LocalLBVirtualServer.get_profile
LocalLBProfileType.PROFILE_TYPE_CLIENT_SSL

Get Virtual Server SSL Profile (Server):
LocalLBVirtualServer.get_profile
LocalLBProfileType.PROFILE_TYPE_SERVER_SSL

Get SSL Profile List (Client):
LocalLBProfileClientSSL.get_list
Get SSL Profile List (Server):
LocalLBProfileServerSSL.get_list
Get Certificate List:
ManagementKeyCertificate.get_certificate_list
Get Key List:
ManagementKeyCertificate.get_key_list

testing_32412 · Answer

Hi Michael Yates,

thanks for a quick and prompt response

(Get-F5.iControl).LocalLBProfileClientSSL.get_certificate_file_v2("");

This just gives me the text containing .crt
How do i get an expiry date?

what i am trying to achieve is i want to check all the Virtual server's that are active in LTM and navigate through its profile, and find out which cert is it using and then find out the expiry date of the cert.

any advise is greatly appreciated.

thanks,
Kumar

testing_32412 · Answer

Hi Michael Yates,

thanks for a quick and prompt response

(Get-F5.iControl).LocalLBProfileClientSSL.get_certificate_file_v2("");

This just gives me the text containing .crt
How do i get an expiry date?

what i am trying to achieve is i want to check all the Virtual server's that are active in LTM and navigate through its profile, and find out which cert is it using and then find out the expiry date of the cert.

any advise is greatly appreciated.

thanks,
Kumar

Forum Discussion

IControl and Cert Expiry

4 Replies

Recent Discussions

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Related Content

Certificate Expiry Email alert configuration

iControl REST Authentication Token Management

f5_api_com Certificate Expiry

Microsoft Powershell with iControl

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates